Security concept for a wiki-like app
I created a wiki-like application. Currently, there is no security, so all the contents have "edit"-buttons where the user can edit everything. Now, I want my application to have public read-only access and read/write access to edit contents.
First of all, I think it is useful to do that with two roles: viewer and editor. For editors, there has to be an auth mechanism, etc.
But then, I see two ways:
- Make an "editors portal" and a "viewers portal". Editors portal is an admin-like interface for good editing. Viewers portal is good for just reading.
- Make just one portal for read access, but when the user is an editor, there is something like an Editing-Layer on top of that. E.g. additional "Edit"-Buttons or mouseover-hint-buttons... something like that.
The 2-portals solution seems to be common to me. Do you have any experience with the layer solution or any other advice?